“We should have been more clear” Says Facebook spokesman Andrew Noyes, responding to criticism about the deployment of the company’s new feature called Tag Suggestions without first notifying the users. Tag Suggestions is a facial recognition feature that allows users to identify an individual across multiple photos.

Sure you can turn off this feature, but it’s on by default. The defense seems to be “if you don’t like it you can turn if off”, but that’s really the whole point. Users should not have to find a feature they don’t know exists to turn it off – after the feature has already rolled out and their images possibly tagged.

The Facebook apology (“we should have been more clear”) rings particularly hollow as this follows a long history of implement first; weather the protests; sound contrite but don’t change anything; wait for people to give up fighting it – and if that doesn’t work, reluctantly pull back.

Remember Beacon? This ‘feature’, launched in late 2008 took details about purchases a user made and by default shared that information making it visible to all their friends. Under extreme pressure Facebook finally made it optional then, nearly a year after its launch, they were forced to close it entirely after they lost a class-action lawsuit by furious users.

Facebook Privacy Settings. Can you say oxymoron? At least once a year Facebook ‘updates’ it’s privacy settings to expose more of your information than ever before. You can see this clear erosion in a blog posted in April 2010 by the Electronic Frontier Foundation titled Facebook’s Eroding Privacy Policy: A Timeline. These updates usually come after tremendous consumer protest and investigations by government bodies in the U.S. and abroad (you can thank the Canadian Privacy Minister and the EU for some of the restraints Facebook has had to bow to)

In fact, it was only a year ago that we heard nearly the same apology over another set of privacy encroachments, when Facebook’s CEO Mark Zuckerberg’s said, in what might have been one of the biggest understatement of 2010″We just missed the mark”. That statement, and this week’s “we should have been more clear” are non-apologies. As Peter Kafka commented on the 2010 incident “After weeks of noisy complaints about Facebook’s newest privacy issues, Mark Zuckerberg used an op-ed in the Washington Post to reverse course and beg his users for forgiveness. Hah! Not really. Zuckerberg’s 528-word memo might seem contrite, but only if you skim quickly. Read closely and you’ll see that it’s a classic nonapology–he’s sorry that Facebook “move[d] too fast.”

What’s really at stake here is money. Every single piece of information about you has financial value. Too manyconsumers think that using a company’s “free” services is free. They aren’t. It just means the company makes money in some other fashion. Facebook (like other ‘free’ companies) makes money by advertising. The way they attract advertisers is by providing advertisers as much information as possible about you so they can target the most relevant market segments. This means collecting as much information as they can about you = more money. Given this financial model, Facebook’s intrusion of consumers’ privacy is no accident; it’s the key to their financial growth. If you look on Facebook’s advertising page you’ll see this clearly spelled out:

I am not opposed to companies making money. I am opposed to them doing so using information they did not give consumers a full understanding of how it would be used, or giving consumers the notice and ability to block the collection of new types of information IN ADVANCE of rolling out new privacy encroachments. That’s just unethical.

Facebook has learned over their long history of introducing new features without informing users that in most cases, memories are short. After the initial furor subsides users accept the new settings. It was for just this type of behavior that the moral of the frog placed in warm water, vs. the frog placed in boiling water was created. Letting encroachment occur incrementally because you are too complacent to address each new infringement allows Facebook to take every last shred of your privacy.

As users you need to demand rights or you won’t have any. It is for this reason I periodically publish your ‘bill of rights’ as internet users:

ALL Internet users have the expectation of a safe Internet experience, and respectful companies strive to provide quality safety and privacy options that are easily discovered and used by consumers. Your safety and privacy, as well as the safety and privacy of your family on the Internet should be core elements of online product and service design.

In a nutshell, online consumers should demand these rights (I’ve highlighted the ones specifically relevant to this incident):

Establishing safety and privacy settings should be an element in the registration, or activation of a specific feature’s, process. This includes informing you in easily understood language about the potential consequences of your choices. This allows, and requires, you to make your own choices, rather than being pushed into hidden, default settings.

During the registration or activation process, articles of the terms and conditions, and privacy policy, that might affect your privacy or safety, or that of a minor in your care, should be presented to you in easy to understand language, not in a long, complicated legal document in small font.

You should expect complete, easily understood information and age appropriate recommendations about every safety and privacy feature in a product or service.

You should expect to easily report abuse of the products or abuse through the products of you or someone in your care.

You should expect a notice or alert if a significant safety or privacy risk is discovered in an online product or service you or someone in your care is using.

The provider needs to publish on a regular basis statistics demonstrating how well the company enforces its policies. Such statistics should include; the number and types of abuse reports, number of investigations conducted, and number and type of corrective actions taken by the provider.

When services or products are upgraded, you have the right to be informed of new features or changes to existing features and their impact on your – or your child’s – safety or privacy in advance of the rollout.

When the terms of use or privacy policy of any provider are about to change, you have the right to be informed in advance of the changes and their impact on your – or your child’s – safety and privacy.

When a provider informs you of changes to their features, privacy policy, or terms and conditions, they should provide you with a clearly discoverable, way to either opt out, or block the change, or to terminate your account.

When terminating an account, your provider should enable you to remove permanently and completely all of your personal information, posts, photos, and any other personal content you may have provided or uploaded, or that has been collected by the provider about you.